Lucene search
K

7426 matches found

NVD
NVD
added 2010/04/20 3:30 p.m.13 views

CVE-2010-0744

aMSN aka Alvaro's Messenger 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name CN field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via ...

5.8CVSS6.3AI score0.01305EPSS
Exploits0References15
securityvulns
securityvulns
added 2010/04/19 12:0 a.m.39 views

irssi multiple security vulnerabilities

Insufficient SSL certificate and version validation, DoS...

6.8CVSS3.4AI score0.02876EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2010/04/16 12:0 a.m.13 views

Ubuntu: Security Advisory (USN-929-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.5AI score0.02876EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2010/03/25 10:19 a.m.5 views

deprecate MD2 in SSL cert validation (Kaminsky)

The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...

5.1CVSS6.6AI score0.04506EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/03/25 9:11 a.m.7 views

deprecate MD2 in SSL cert validation (Kaminsky)

The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...

5.1CVSS6.6AI score0.04506EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2010/02/24 12:0 a.m.32 views

Debian DSA-1946-1 : belpic - cryptographic weakness

It was discovered that belpic, the belgian eID PKCS11 library, does not properly check the result of an OpenSSL function for verifying cryptographic signatures, which could be used to bypass the certificate validation. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

5CVSS5.4AI score0.01185EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2010/02/24 12:0 a.m.26 views

Debian DSA-1852-1 : fetchmail - insufficient input validation

It was discovered that fetchmail, a full-featured remote mail retrieval and forwarding utility, is vulnerable to the 'Null Prefix Attacks Against SSL/TLS Certificates' recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a...

6.4CVSS8.2AI score0.01503EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2010/02/24 12:0 a.m.58 views

Debian DSA-1940-1 : php5 - multiple issues

Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems : The following issues have been fixed in both the stable lenny and the oldstable etch distributions : - CVE-2009-2687...

7.5CVSS7.2AI score0.08306EPSS
Exploits6References14
RedHat Linux
RedHat Linux
added 2010/01/20 12:23 a.m.11 views

deprecate MD2 in SSL cert validation (Kaminsky)

The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...

5.1CVSS6.6AI score0.04506EPSS
Exploits0References4
seebug.org
seebug.org
added 2009/12/17 12:0 a.m.165 views

PostgreSQL空字符CA SSL整数校验安全绕过漏洞

Bugraq ID: 37334 CVE ID:CVE-2009-4034 PostgreSQL是一款对象关系型数据库管理系统,支持扩展的SQL标准子集。 处理部分证书字段中嵌入空字符的SSL证书存在错误,攻击者可以利用漏洞伪造证书,进行中间人等攻击。 SSL证书中的空字符可用于伪造客户端或服务端验证,只影响启用了SSL,执行证书名校验或客户端证书验证,而其CA已经被诱骗发布了非法证书的用户。 PostgreSQL PostgreSQL 8.4.1 PostgreSQL PostgreSQL 8.3.8 PostgreSQL PostgreSQL 8.3.6 PostgreSQL...

5.8CVSS6AI score0.0213EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2009/12/11 1:42 p.m.4 views

deprecate MD2 in SSL cert validation (Kaminsky)

The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...

5.1CVSS6.6AI score0.04506EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2009/12/09 12:0 a.m.20 views

Debian: Security Advisory (DSA-1946-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.5AI score0.01185EPSS
Exploits0References3
RubySec
RubySec
added 2009/12/07 12:0 a.m.23 views

jruby-openssl Gem for JRuby fails to do proper certificate validation

A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers...

7.5CVSS3.9AI score0.006EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2009/12/04 12:0 a.m.6 views

DSA-1946-1 belpic - cryptographic weakness

Bulletin has no description...

5CVSS6.3AI score0.01185EPSS
Exploits0
Debian
Debian
added 2009/11/25 9:48 p.m.59 views

[SECURITY] [DSA-1940-1] New php5 packages fix several issues

------------------------------------------------------------------------ Debian Security Advisory DSA-1940-1 [email protected] http://www.debian.org/security/ Stefan Fritsch November 25, 2009 http://www.debian.org/security/faq -...

7.5CVSS7.4AI score0.08306EPSS
Exploits6
Debian
Debian
added 2009/11/25 9:48 p.m.64 views

[SECURITY] [DSA-1940-1] New php5 packages fix several issues

------------------------------------------------------------------------ Debian Security Advisory DSA-1940-1 [email protected] http://www.debian.org/security/ Stefan Fritsch November 25, 2009 http://www.debian.org/security/faq -...

7.5CVSS0.08306EPSS
Exploits6
OSV
OSV
added 2009/11/25 12:0 a.m.64 views

DSA-1940-1 php5 - multiple issues

Bulletin has no description...

7.5CVSS8.1AI score0.12041EPSS
Exploits5
RedHat Linux
RedHat Linux
added 2009/11/16 3:44 p.m.10 views

deprecate MD2 in SSL cert validation (Kaminsky)

The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...

5.1CVSS6.6AI score0.04506EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2009/11/10 7:30 p.m.8 views

deprecate MD2 in SSL cert validation (Kaminsky)

The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...

5.1CVSS6.6AI score0.04506EPSS
Exploits0References4
0day.today
0day.today
added 2009/11/10 12:0 a.m.32 views

Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass

Exploit for unknown platform in category remote exploits ====================================================================================== Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability...

7.1AI score
Exploits0
Rows per page
Query Builder